Visual Spoofing via RTL Override, Punycode, and Homoglyph Injection - ATR-2026-00086 (6c328093-8430-5240-abdf-a695b4cca120)

Detects injection attempts that use visual spoofing techniques including Right-to-Left (RTL) override characters, Punycode-encoded domains, and CJK or Cyrillic homoglyph substitution to disguise malicious payloads as benign text or trusted domain references.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
LLM Prompt Injection (19cd2d12-66ff-487c-a05c-e058b027efc9)	MITRE ATLAS Attack Pattern	Visual Spoofing via RTL Override, Punycode, and Homoglyph Injection - ATR-2026-00086 (6c328093-8430-5240-abdf-a695b4cca120)	Agent Threat Rules	1